How to locate intruders

The standard approaches toward network security – authenticate users, encrypt and secure the data path, and monitor usage – only touch a few of the concerns by securing the most obvious entry point.

The number of "neighbourhood" access points, or APs, dwarfs the number of legitimate and rogue APs combined, so newly installed external access point is indistinguishable from a rogue device.

Even without a wireless network, devices can still be targets. Attacking APs can trick clients into establishing a connection, allowing an attack. Attacks on clients circumvent existing authentication and encryption methods by skirting around 802.1x, WPA, VPNs, etc. creating a bridge for the attacker to cross.

Systematic attacks are a threat despite recent upgrades to support encryption standards. APs are vulnerable in several ways: exploiting bugs in encryption algorithms, compromised passwords or other credentials, and other AP attacks. These attacks are time-consuming, but the invisible network favours a patient attacker.

Location-enabled security

Location-enabled security stops attacks by denying outside users access. In addition, rogues are accurately located and contained to ensure true physical perimeter security, making it possible to:

• Deny intruder access, AP attacks;
• Identify and stop unapproved connections crossing the perimeter (filter out false positives and irrelevant alerts);
• Identify the physical location of rogue APs and WLANs inside the facility;
• Identify the location of wireless attacks to respond physically.

Perimeter security filters out false positives and irrelevant alerts.

There are three typical approaches to Wi-Fi location tracking: nearest sensor, trilateration, and RF fingerprinting.

Tracking a device's location with the nearest access point or sensor offers extremely low precision and confidence in predicting location.

Trilateration or triangulation take measurements of either distance-to-sensors or angles-to-sensors and create equations to determine the location of devices. With Wi-Fi, this approach does not work because environmental interference (people, furniture, walls, etc.) dramatically changes the measurements.

Radio frequency (RF) fingerprinting involves taking calibration measurements, which the system uses to map the RF environment. Next, device measurements are compared to the calibration measurements. Pattern recognition software identifies the facility's fingerprint. RF fingerprinting provides highly accurate tracking and an adjustable precision level to suit the wireless policy.

Matthew Gray is chief technology officer for Newbury Networks